I have written and compiled an AutoIT script ("BiconNET.exe") which interacts with the user when double-clicked. While running, the taskmanager lists the program as an App.
Now, I would like to remotely start BiconNET.exe. So I installed and configured openSSH, Cygwin and Putty. Server and client run on Windows 8.1.
I create the SSH-connection using the windows login credentials from the server. I start BiconNET.exe through the Putty conmmandline and I see instantly BiconNET.exe pop up as a service in the taskmanager of the server. But no user interaction follows. The service remains silent, and BiconNET.exe doesn't do any of the tasks its supposed to do. What is wrong here?
I guess I need to achieve that BiconNET.exe runs as an App, not as a service!?
This is what I tried so far:
I tried a workaround using a batchfile, but same issue here: Doubleclicking the batch-file on the Server works fine (BiconNET.exe interacts with the user as wished), but running it through Putty BiconNET.exe gets listed as a service, not doing anything.
I also tried to auto-elevate the batch file using this code. No luck.
I excluded BiconNET.exe from the "Data Execution Protection" (DEP) in the advanced system properties of the server. Makes no difference
I would like to understand where the problem comes from, and how to solve it. Thanks for helping.
Related
I'm working on a monitoring app that is running on a vm and I want my colleagues to be able to use it without connecting on the vm. It works fine but I have one problem.
One of my goals is to start/stop services using a batch file or a cmd file (using Class Runtime in my back). The problem is that I need the administrator privileges to do that. All the methods I found (as Runas or some batch files) only works if the user is on the vm and enter the password or click on the "do you want to run this application as administrator" pop up. I would like to not use the task scheduler to always start cmd as an admin. I already know you can use softwares as "Sanur" but I prefer not to.
The only way to make it works is to start the app as an admin and it works fine (I'm using the "net start/stop" command). But I would like to let everyone start this app (in case I'm not here).
It's not a problem to write the login/password in the file.
Is there a way to do so?
The vm runs on Windows 7.
Thank you in advance.
You don't need to be Administrator to start and stop a service, you just need the privilege. With Windows 7 Professional you can do this through the built-in group policy editor.
With Windows 7 Home, there is not policy editor.
I use a tool called SetACL to do this, e.g:
setacl -on "service-name" -ot srv -actn ace -ace "n:betrand;p:start_stop"
Where "service-name" is the name of the service, and betrand is the user which you want to allow to start and stop the service.
A complete list of options is available on the website:
https://helgeklein.com/setacl/documentation/command-line-version-setacl-exe/
Another option is the SubInACL tool directly from Microsoft.
I have an program which I need to run on multiple PCs (>100) all in same domain and share the same user and password.
If I run a program manually, it opens a console windows where I can see the logs running. I can remote desktop and still be able to see the console windows open and logs running. It helps in debugging as I can see whats going on. Issue is I want to avoid running it manually on all PCs.
I have following requirement
a. It should be able to run program on multiple pcs remotely
b. program should open in foreground where console logs can be seen.
c. launching PC should launch program on PC1 and then (without wait for the program to finish on PC1) it should launch the program on PC2 and so on.
I explored STAF it needs to be installed on all stations. Its heavyweight, needs complex configuration.
I explored power shell , it needs to be enabled on all stations and also probably (read somewhere) has issue with running tasks in foreground.
psexec can run the program but it does it in background, if I use -i option I need to give session id so only it will show the console for a specific remote desktop session. Another major issue with -i is that it will interactive so it waits until the program exits.
Looked a paexe, its simillar to psexe and doesn't solve the issue I am facing with psexe.
Any help is greatly appreciated.
If you have a server, you can put the program on the server and create a shortcut to it (assuming the program is small/simple enough to run on a network share).
You can use One-Click to deploy the programs, and give each of your users a link.
You can change the program into a website for central access.
You can use group policy to deploy the program when a user logs in, assuming you can create a .msi file from it.
I'm writing a server running as a Windows service that by request invokes Firefox to generate a pdf snapshot of a webpage.
I know it is a bad idea to run a GUI program in service mode, but the server nature of my program restricts from running it in the user mode. Running a user-level 'proxy' also is not an option, since there might be no interactive user logged-in on the machine with the server running.
In my experiments Firefox successfully produced pdf when the service was running under a user account that was already logged-in. Obviously it didn't work in other cases: for Local System and user accounts that weren't logged-in. Under LocalSystem with 'Allow service to interact with desktop' option enabled I could see the Firefox started that reports that it's unable to find a printer.
Since it wouldn't be practical to require an opened user session for the pdf server to run, is there any workaround for this except running the whole thing from a virtual machine?
UPDATE: I figured that the problem wasn't really with account permissions, but with an invisible modal dialog that FF was waiting on while running in the service mode.
However it's still unable to create a pdf when FF is running under the LocalSystem account. FF says it can't find a printer and I'm wondering if this is a permission that could be somehow enabled?
You might want to try a different approach where you'd include some .NET PDF library (PDFsharp is a good, open source, choice) in your project and than use that in conjuction with WebBrowser control you'd also include in your project to render the PDF.
Don't forget to use STAThread attribute if you try this.
I've been through a similar conundrum with the MS Word running unattended. What you need to do is to login as the user you set up to be used to run firefox process and go through the process of setting up printers.
It is possible that just logging in as that user will be enough - there is some stuff performed during the first logon.
I apologize I was not clear enough - I mean you have to logon interactively using that account, configure the default printer, logout, and then run your service
Can you run the program as a Scheduled Task instead? The task can be assigned to a given user account which should work around the service limitations.
A couple of year ago I had a related issue: Shared Network Printer on pseudo-device starting up Ghostscript for PS->PCL translation and printing to real printer. The print-spooler service ran as Local System and the pseudo-device driver hat troubles executing Ghostscript from the service-mode. I was able to solve the problem by copying a couple of registry keys from the HKCU-hive to HKLM.
I have a windows server 2003 up in the internet.
But sometime I need to restart it.
After restart, I want one of the applications to run.
I want to do this all programatically.
I can now remotely restart the server.
But the question is how can I ask that piece of software to be executed (more precisely, I want to execute a .BAT file to ask a tomcat to run)?
Because I don't want to manually log in to the machine and start that application. That is time consuming. Is there any possible way, once the machine is started, my application will be run as well?
If you're developing an application that should always be running on the server, you probably need to implement it as a Windows service. For C#, see the classes in the System.ServiceProcess namespace -- you will need to inherit from ServiceBase.
Alternatively, you can set the program to be run as a scheduled task on boot. See the Task Scheduler API to do this.
You can install Cygwin and then do it the same way we'd do it on a Linux box: via ssh, using keys.
OpenSSH is not part of the default Cygwin install, so be sure to select it. It's in the Net category.
Then, after you've installed Cygwin and sshd, read /usr/share/doc/Cygwin/openssh.README to learn how to set up sshd as a service, so it will answer requests automatically, without you having to start the ssh daemon manually.
Finally, set up keys, as described in the link above.
Part of the ssh protocol is a way to ask a remote machine to launch a program. Setting it up with keys lets you do it without needing a password.
You could try xCmd, which is a freeware app to run a command on a remote machine.
A colleague has a batch script program which needs to to run on a Windows Server in console mode, so that it has access to a Windows interactive session. The server is rebooted at regular intervals automatically (there's an unrelated closed-source application that runs on this machine that we have no control over). After a reboot he wants to automatically start a Windows interactive session and have this script run, plus the service needs to also have access to network resources (CIFS drives, in particular).
Here's what we've tried so far:
Start as Windows service. This failed, since a Windows service can either have access to interactive session or to network resources, but never both.
Used Microsoft management console to add the script to run at startup, however this did not work.
Used an HKLM registry key to start to run this script, however it only gets started when we manually open a remote desktop session on the server.
Creating a scheduled task. The program invoked did not have access to interactive windows session.
Any other suggestions? (Or maybe he missed something when he set up one of these suggestions?)
In case "Interact with desktop" on the service is not enough (I have seen a handful of cases where it is not), you can combine it with AutoAdminLogon. Create three (or four for a domain) REG_SZ values under HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon:
DefaultUsername
DefaultPassword
DefaultDomain
AutoAdminLogon
AutoAdminLogon should be set to the string "1", the others are self-explanatory.
Obviously this has security issues big enough to fly Jupiter through.
Have you tried having your script run as a Windows service, but allowing it to interact with the desktop?
Specifically:
Go to the service properties page
Click on the "Log On" tab
Select "Local System account"
Check "Allow service to interact with desktop"
See my similar question and real answer to it: How to start a process from windows service into currently logged in user's session
NOTE: "Interact with desktop" checkbox is not enough at all.
I recommend going about this another way. You could build another Windows app that communicates via IPC to the Windows Service and that could be what deals with the closed souorce application. But if you must, you can specify an option in the service (you can do this through MMC, registry, etc). Basically, you can see this option by going to Computer Management->Services and Applications->Services->Right click your service->Change account to Local System and check "Allow system to interact with desktop."
However, again, I recommend choosing another path.
I had to do something similar recently; a route that I found but discarded due to security concerns is to have the interactive service set self as running in interactive mode and then run the ImpersonateUser function in the win32 API, which I think will provide the benefits of both a user and the interactive session available from the LocalSystem.
Needless to say, if someone broke into a service that did that, they would have total control of the machine.